It's a variant of what's called "rubber hose cryptology": sometimes it's technologically a lot easier to just beat the password out of someone (smacking the soles of one's feet with a rubber hose apparently being a rather effective technique).
I draw the line using a "rag doll" model. They can compel fingerprints, physical keys, DNA, etc. insofar as they can manipulate your limp unresistive (albeit uncooperative) body to take fingerprints, extract keys from pockets, snip a hair, extract a blood sample, etc. They cannot, however, compel you to act on their behalf and against your own interests - to wit, they cannot demand you speak (type, write, press buttons) words the whole point of which can and will be used against you. A fair argument may be made for compelling you to provide the key/combination to a safe, but only insofar as they CAN tear the safe apart with blowtorches & diamond saws if you don't cooperate. But when it comes to the state's evidence hinging entirely upon the defendant's cooperation, no - that's why we have the 5th Amendment (gov't cannot compel one to testify against self).
Being ordered to produce documentary evidence is not the same as being compelled to testify against yourself. Defendants are ordered to produce evidence all the time in the form of subpoenas.
Could you not then argue the same for data encryption? Bruteforcing it would be the equivalent of a blowtorch in that case. Would that not then mean that they can compel you to give the key/password?
A blowtorch can open such a safe in <1 day. Depending on the encryption, cracking it in a year might be impressive. And that assumes they can prove it's even there.
We'll figure out how to read people's minds before some TLA brute-forces a volume encrypted with layered AES-Twofish-Serpent. If you're going that far, you might as well just dump the 5th Amendment now.
> But when it comes to the state's evidence hinging entirely upon the defendant's cooperation, no - that's why we have the 5th Amendment (gov't cannot compel one to testify against self).
And really, doesn't that mean it (whatever is obscured by a lack of cooperation) shouldn't be considered a crime? Kind of by definition?
Not if they find a way to get to it and it incriminates you.
Otherwise, lack of cooperation because you are exercising your rights is not supposed to be used as evidence of a crime.
Not letting the police into your home is not in any way considered valid criteria for a judge to issue a search warrant, as I understand it.
> A fair argument may be made for compelling you to provide the key/combination to a safe, but only insofar as they CAN tear the safe apart with blowtorches & diamond saws if you don't cooperate.
Interesting argument.
Suppose I build a safe that costs $100 million to break open (because I spent $200 million of my ill-gotten money to hide $300 million more in ill-money).
Now you've found my safe during your tax evasion investigation, but you don't have close to $100 million in your budget. So you don't really have the ability to tear the safe apart. So they tell me I have to give them the combination.
I don't think cost has anything to do with it. If they really want it that badly they can do their best to open it. My due process is more important than their budget.
Beware unrealistic hypotheticals. (Say, what's the cost to build such a safe?)
Short of dismissing the question out of hand, the point remains that it is still a mere matter of money - something which can be soaked out of taxpayers as needed. Even if we're talking a small jurisdiction with grossly insufficient funds, I'll meet your hypothetical with one where the US Military is invited to have a whack at it - and they can whack pretty hard. It's just a matter of money, and for all practical purposes through history that's been enough to crack any safe. ...and with that kind of money in that safe, I'm sure you could resolve the problem. Short of a scenario where forcing the safe would provably destroy evidence, or delays cause grave bodily harm, they can put the safe in the evidence warehouse and indefinitely assign someone to resolve the issue, while you cool your heels in Graybar Hotel until they open it or you save taxpayers the cost of doing so.
This in contrast to encryption, where any idiot can pick a good algorithm with a high-bitcount high-entropy key which could not be cracked using the resources of the universe. This isn't a hypothetical, this is the OP case. Here, the prosecution truly does hinge on the defendant incriminating himself: no cooperation = no conviction.
If you can prove a safe, like encryption, can't be cracked short of universe-scale efforts, I'll change my position.
This is a very clear and compelling (so to speak) way of thinking about the problem, and one I don't think I've ever heard before. Is this an independent invention of yours or is there literature to be found on the "rag doll" model?
To counter this, you need an encryption method with these properties:
- you can be banned or self-banned, irrevocably, from accessing your data;
- you can prove to the judge that you can't access your data;
- even with full forensic copies of your disk, you can't be un-banned.
You can do that by having part(s) of the key on server(s) online. Give yourself, a couple of trusted friends and optionally a script the ability to wipe those keys: it will irrevocably seal your disk's content. Obviously, pick servers under foreign jurisdictions which dislike collaborating.
Even better, there's no proof that you're the one who destroyed the keys: you can't be charged with evidence tampering.
> Even better, there's no proof that you're the one who destroyed the keys: you can't be charged with evidence tampering.
The court doesn't really work this way. Just because you cross your fingers when you do something doesn't mean you aren't going to be charged with destruction of evidence.
If an office had a policy of shredding old financial paperwork and that policy was faithfully followed on the day after, say, the COO was whisked away for embezzlement, would it count as evidence tampering?
Or to the point: if you use a remotely-stored encrypted volume with a dead man's switch as a day-to-day security policy, would it still be trivial to charge someone for evidence tampering?
AIUI (IANAL, mind), no — or at least it's less likely. It's when you go out of your way to destroy the evidence (and can be demonstrated to have done so) that you're almost certainly facing obstruction charges. If you're just doing the same thing you do every day, it's much harder to establish the intent to destroy inculpatory evidence, which is what would trigger the obstruction charge in the first place.
Technically true with one caveat. If you have a reasonable expectation of litigation you are required to put all data destruction on hold. Reasonable can be up to the court to decide and the burden of proving that you did put a litigation hold into place is yours to prove.
In civil cases, once you know or have reasonable cause to suspect a court case is imminent, you're technically supposed to act to preserve evidence, and not doing so can lead to sanctions, even if the evidence was destroyed as part of routine policy.
I'm less clear on how evidence tampering is dealt with in criminal law.
In a criminal case (and likely in the worst of criminal cases), the suspect has no idea when the FBI will come bursting through the door to arrest him/her and seize hard drives. A dead-man's switch would be impossible to prevent in this scenario (aside from never using one in the first place).
> If an office had a policy of shredding old financial paperwork and that policy was faithfully followed on the day after, say, the COO was whisked away for embezzlement, would it count as evidence tampering?
If it could be reasonably expected that the financial paperwork would be relevant to the ongoing litigation, yes, you're in trouble for destroying it. When companies are on notice of pending litigation, from that point forward they are required to take affirmative steps to preserve potentially relevant evidence. Failure to do so was one of the things that got the Enron folks in trouble.
The first case is why we have data retention laws.
On the second, I _think_ that in most jurisdictions in the US the moment you're arrested you have an impetus not to destroy evidence that probably extends to not allowing evidence to be destroyed by a system that you could trivially prevent.
Putting a system in place where you have to take action to prevent an event is legally similar to a system where you take action to cause an event; in either case you've purposely taken an action that leads to the destruction of evidence.
We'd need a real lawyer to comment, but otherwise I think we'd have already seen things like this for years (even pre-computer).
If it's a dead man's switch and you're not a career criminal, I'm sure you could convince a judge that it slipped your mind because of the distress caused by being whisked off to jail. Probably not a guarantee that a judge won't say 'too bad' though.
Then it depends on what you destroyed. If the data is provenly destroyed there are limits to what you can be charged with. If what you're hiding is worse, this may still be a viable option. If however the data is still recoverable with your cooperation I believe you could be jailed in contempt indefinitely (until you cooperate).
The longest contempt detention I'm aware of was a very bizarre case involving a guy named Richard Fine who was jailed for something less than 18 months. It was a civil case, and as far as I know he never argued that the information he was being ordered to produce would incriminate him in a criminal matter. His attempts to secure his release involved some conspiracy-theory-level ranting that probably contributed greatly to higher courts ignoring him.
A local judge ultimately decided Fine was irrational and keeping him in jail didn't accomplish anything but taking up of jail space and resources.
In a criminal matter involving even a hint of self-incrimination, I'm disinclined to think a contempt sentence would be allowed to continue indefinitely by US courts absent an immunity deal.
The way courts generally work, they need proof you've done something wrong to condemn you. If there are a dozen friends who had the wiping rights to your keys, and they knew you'd been arrested, any of them could have decided to wipe the key, just in case.
Unless the judge can prove who did it, he can't condemn the 13 (12+you) of you because one of you did something wrong. Besides, the 12 innocents don't know who did it either, so they can't snitch.
It requires the wiping procedure to be impractically hard to trace back, but that can be done.
Unfortunately, setting up such a scheme is clearly intended specifically to create reasonable doubt, which can get you charged with obstruction and contempt.
You can also require at least 2 or 3 (or so) of your friends to all press the key to wipe your data. That way you don't have to trust everybody completely.
That's a possibility, but the risk of having your data inadvertently destroyed is much higher. Moreover, you must trust your ability to stall inquiries for up to a week.
It really depends on the relative cost of having your data destroyed vs. having your data published, but I'm sure there are cases where a dead man switch is a good compromise.
I have a question for those who know more about these things: instead of hidden volumes, wouldn't it be better to have an "under duress" password?
The hard drive is encrypted and sensitive folders are identified by the user. When a password is given all contents are decrypted.
When an "under duress" password is given the sensitive folders are permanently wiped and all the (remaining, innocuous) contents are decrypted.
This stops them from finding hidden volumes or operating systems because there are none. Wouldn't that be a better model, and much harder to figure out?
Then they restore the hard drive from the cloned image they made before entering the password and ask you once more for the password. This time, with feeling.
There might be a market for keeping your keys on some service "out there". Boot your computer, type in your password, your computer sends the password to the key service. If the password is correct they send back the key, if the password is the destruct codes they delete the key.
No amount of hard-drive cloning will stop this. Paired with some other optional measures ("we delete the password unless you send an email every week" etc) and it's almost foolproof. You might still have a hard time arguing against destruction of evidence, though. I guess if your "don't delete the keys" email was "Please delete my encryption keys" you could be completely honest and they wouldn't believe you, resulting in your keys being deleted despite your complete cooperation.
Great idea, by the way. Like Wikileaks you would have to replicate all your servers in the countries that are the "freest", or you need a very good system to hide where you are. Tor is a good example.
They would also tack on extra charges for interfering with a police investigation by attempting to destroy evidence, and/or the court would find you in contempt.
This is a common mistake in security -- assuming that the hacker plays by your rules.
The police would just use a copy of the program which forgets to delete when the "on duress" password is provided. I imagine it'd require commenting out all of, say, five lines and burning the modified version of YourCryptoNameHere onto a live CD.
What you want to do is to have a password that decrypts the content to something innocent-looking. If the encryption program has the feature to both "dual encrypt" and do an ordinary encryption it should be hard to prove anything :) Not sure how you go about doing that algorithmically, though, so that it would resist reverse engineering the program.
Is it possible to have a third volume as well, opened with a different key? Or a fourth?
Maybe the solution is to have a first "primary" partition, then an "under duress" partition which you'll fight tooth and nail to protect, filing every appeal possible... and if you finally do give up the key, it's filled with entirely legal but extremely embarrassing pornography, plus a few self-written Harry Potter fanfictions.
Meanwhile, whatever you're ACTUALLY trying to hide is on a third.
Sure, it's a big damn hassle, but if you're conscious enough about the stuff you're trying to hide to go with a TrueCrypt hidden volume, it'll be worth your effort.
(I'm not actually sure this is possible, but if it is, I'm sure someone else has come up with it already.)
I've been wondering about this every time someone brings this up. So you use TrueCrypt to secure your disk, and have, say, a "naughty" partition and two "clean" ones, for plausible deniability.
Won't the police, in the event they have compelled you to unlock your HDD, check how big the partition is? If you have a 500GB disk divided by three, say with the 20GB "naughty" partition, a 20GB "double-decoy" and a 460GB "decoy" partition, won't the police pull the disk out, look at the label on it which says "Seagate 500GB" and say "You have 20GB left on this disk we haven't seen yet. Unlock it."?
Or is there a way in which TrueCrypt can hide your hidden partitions in a way that a) they don't look like randomized/encrypted data and b) it isn't obvious there is space "missing" from your disk?
That's the beauty of full-disk encryption. Even the empty space is encrypted. So the hidden volume is truly hidden. Even TrueCrypt has no idea the hidden volume exists if you unlock the outer volume with a different key.
Truly empty space is indistinguishable from a secret inner volume.
Why can't I write a program that tries to expand itself to use any available space, then runs into a wall if the "empty space" is actually encrypted data? If the space used by data + my program adds up to less than the total capacity of the disk, it indicates something is hiding, right?
You seem to be misunderstanding. Read your parent's last line again. "Empty space" is indistinguishable from encrypted data. On the hard disk, everything will just look like randomized bits, empty space and data alike. There is no way to write the program you propose without the encryption key(s). So there's no way to tell, unless you have all the keys.
The program will just overwrite the data of the hidden volume. That's why it's important to have a lot of empty ("empty") space on the primary volume when you have a hidden volume there.
AIUI, TrueCrypt is actually very clever about this. Until decrypted, every TrueCrypt partition consists of nothing more than random data. This, combined with the fact that hidden volumes are actually stored within your first / outer partition, should make it impossible to analyze whether other volumes / partitions exist.
What you really need is a hard disk encrypted with many different partitions, e.g. one for programming projects, one for web browsing, one for email and correspondence, one for movies, one for porn, etc. This should be done using encryption software that allows for 100s of partitions, so it would be a lot harder for the police to argue that you're hiding some partitions.
The software should also, when it formats the disk, leave a random area of c.5% of it free, so the police can't count up the size of all your partitions and figure out you're hiding something.
From what I gathered TrueCrypt provides plausible deniability through hidden volumes that appear to be random data. AFAIK it doesn't allow you to have a partition that when you decrypt with a certain password transforms to alternate content. So if the feds know you have something encrypted you might be in trouble.
Well, it lets you have a fully functional alternate system (both systems are encrypted) that will show up if the correct password is used, with no direct forensic way to prove it exists at all, by design. There are indirect ways, outlined in their FAQs quite well, that could be used to suggest you have multiple instances, like multiple Windows updates for the same updates from the same system, that kind of thing... but with enough diligence you could pull it off.
There are also some write restrictions IIRC - I may be wrong, but I think if you write to the alternate system you can squash data inadvertently from the primary, as the secondary can have no knowledge of the real system in any way, making this unavoidable.
Pulling this off would require a level of diligence most people just don't have, and there are easier ways to hide your data.
But if you've done it right, they can't prove it. In US law, you can't convict someone criminally because you suspect they're withholding information, you have to be able to prove it beyond reasonable doubt.
I've actually been in court for this kind of stuff. (Not as a defendant.) What actually happens is the prosecutor tells the court that they have X, Y, and Z evidence, which indicates the existence of W evidence, even though they can't actually get hold of W evidence. Then they don't charge you for W evidence directly, they just run the charges up for X, Y, and Z until you agree to a plea bargain anyway.
Your ability to defend against tactics like this is 100% dependent on the size of your bank account, which, by the way, may also be compromised if the prosecutors can convince the right people that you made any money at all on your illegal activities.
This is why I am mostly blasé about things like TrueCrypt's capabilities or this particular part of the law or what-have-you. If you're doing something illegal involving a computer, you're already screwed anyway -- unless you're independently wealthy and have some serious connections.
> What actually happens is the prosecutor tells the court that they have X, Y, and Z evidence, which indicates the existence of W evidence, even though they can't actually get hold of W evidence. Then they don't charge you for W evidence directly, they just run the charges up for X, Y, and Z until you agree to a plea bargain anyway.
Uh, yeah, so what?
If they have the evidence to prove you committed a crime, then they have the evidence to prove you committed a crime. It kind of makes sense that they'd, y'know, prosecute you for that crime.
They can't just arbitrarily increase your sentence based on the suspicion of another crime. There are statutory limits for the crimes they can prove, augmented by sentencing guidelines. The court cannot exceed the statutory limits, and deviations from the sentencing guidelines require a justification to be articulated. "I think you also did W" is not a valid justification.
You're always at risk of a harsh sentence for whatever crimes can be proven. If you're not prepared to take that risk, you should probably avoid committing the crimes in the first place, no?
> If you're not prepared to take that risk, you should probably avoid committing the crimes in the first place, no?
That presumes you have the capacity to know what is and what is not legal. In the US, no human being is capable of that. On top of thousands and thousands of federal statutes, you also have state, county, and local statutes to worry about.
If the prosecutor comes up empty and you piss him off by playing games, guess what? He'll go on a fishing expedition and he will find something because, quite simply, it's impossible to run a business for any period of time without breaking some regulation or statute somewhere out there.
There's a reason 90% of criminal cases end in plea bargain. It's not because the people pleading are guilty nor because they are dumb.
Look. Don't do things to piss off cops or prosecutors. Be cordial, be kind, be helpful. They deal with assholes all day, it's easy to forget the nice guy. Also, hire a lawyer who used to be a prosecutor and who is on very good terms with the prosecutor and the local judges. The evidence isn't going to matter. There's a 90% chance you won't even get to trial. Focus on ending things cordially and quickly.
If someone has evidence on their encrypted drive that could put them away for life or a large portion thereof, or even trigger a capital case, the fine or few years of time behind bars for whatever piddly-ass crap the prosecutor can dig up is not going to be their primary concern. Worse for the prosecutor, if they go to extreme lengths to find something to charge you with, they risk pissing off the judge and/or appellate system with their vindictiveness.
You're always going to have to make a judgement as to whether you're better off cutting a deal or refusing to cooperate, but that does absolutely nothing to change the fact that a hidden volume may save your life.
I was thinking along the same lines, but instead of wiping the file, it changes the password to a randomized 20 character string.
If you're doing anything that risks getting pinched, it's probably better to take the obstruction rap than whatever it is you're being investigated for.
It would still be possible to copy the hard drive at a lower level before password entry. You could then compare before and after password entry and see that large chunks of data have been modified.
Doesn't have to be large chunks, just one block that stored the encryption key for the other partition. All you have to do is scrub the key from the drive and it's effectively erased.
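Two threads above ask whether anything on an encrypted disk betrays a hidden volume (the "expand until it hits a wall" program, and the reply that empty space and ciphertext look alike) and whether cloning the drive before a password is typed catches a duress wipe. The following is an added example from the examiner's side, not TrueCrypt's code or format: a constructed in-memory image where SHA-256 in counter mode stands in for AES-XTS and the layout (outer data at the front, hidden volume near the end, random filler elsewhere) is simplified; it scans per-sector entropy, diffs a before/after clone, and shows what a free-space filler does to the hidden sectors.

```python
"""Constructed model of a TrueCrypt-style image, seen from the examiner's side.
Added example, not TrueCrypt code: SHA-256 in counter mode stands in for AES-XTS,
and the layout (outer data at the front, hidden volume near the end, random
filler everywhere else) is a simplification of the real on-disk format."""
import hashlib
import math
import random

SECTOR = 4096                    # bytes per sector in this model
N_SECTORS = 64                   # 256 KiB image, enough to show the effect
OUTER_SECTORS = range(0, 8)      # outer volume's used data
HIDDEN_SECTORS = range(56, 64)   # hidden volume, inside the outer "free space"
OUTER_KEY = hashlib.sha256(b"outer passphrase (constructed)").digest()
HIDDEN_KEY = hashlib.sha256(b"hidden passphrase (constructed)").digest()
OUTER_TEXT = b"Quarterly report: revenue up 3%, expenses flat. " * 85
HIDDEN_TEXT = b"ledger 0042: moved 1200 to account XY (constructed) " * 78


def keystream(key: bytes, sector: int, n: int) -> bytes:
    """Per-sector keystream: SHA-256 in counter mode (stand-in for AES-XTS)."""
    out, ctr = bytearray(), 0
    while len(out) < n:
        out += hashlib.sha256(key + sector.to_bytes(8, "big") + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(out[:n])


def crypt_sector(key: bytes, sector: int, data: bytes) -> bytes:
    """XOR with the keystream; the same call encrypts and decrypts a sector."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, sector, len(data))))


def entropy_bits_per_byte(buf: bytes) -> float:
    """Shannon entropy of the byte histogram; 8.0 is the maximum."""
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


class Image:
    """In-memory disk image; every sector starts out as random filler."""
    def __init__(self, n_sectors: int, seed: int):
        rng = random.Random(seed)   # deterministic filler so the example repeats
        self.n_sectors = n_sectors
        self.buf = bytearray(rng.getrandbits(8) for _ in range(n_sectors * SECTOR))

    def sector(self, i: int) -> bytes:
        return bytes(self.buf[i * SECTOR:(i + 1) * SECTOR])

    def write(self, key: bytes, i: int, plaintext: bytes) -> None:
        padded = plaintext.ljust(SECTOR, b"\0")[:SECTOR]
        self.buf[i * SECTOR:(i + 1) * SECTOR] = crypt_sector(key, i, padded)

    def read(self, key: bytes, i: int) -> bytes:
        return crypt_sector(key, i, self.sector(i)).rstrip(b"\0")

    def clone(self) -> "Image":
        copy = Image.__new__(Image)          # the examiner's bit-for-bit clone
        copy.n_sectors, copy.buf = self.n_sectors, bytearray(self.buf)
        return copy


def build_image(seed: int = 0xC0FFEE) -> Image:
    img = Image(N_SECTORS, seed)
    for i in OUTER_SECTORS:
        img.write(OUTER_KEY, i, OUTER_TEXT)
    for i in HIDDEN_SECTORS:
        img.write(HIDDEN_KEY, i, HIDDEN_TEXT)
    return img


def region_entropy(img: Image) -> dict:
    """Lowest per-sector entropy in each region; without the keys all three look alike."""
    filler = [i for i in range(N_SECTORS) if i not in OUTER_SECTORS and i not in HIDDEN_SECTORS]
    emap = [entropy_bits_per_byte(img.sector(i)) for i in range(N_SECTORS)]
    return {"outer": min(emap[i] for i in OUTER_SECTORS),
            "hidden": min(emap[i] for i in HIDDEN_SECTORS),
            "filler": min(emap[i] for i in filler)}


def changed_sectors(before: Image, after: Image) -> list:
    """Sector-level diff between the clone taken before any password and the disk afterwards."""
    return [i for i in range(before.n_sectors) if before.sector(i) != after.sector(i)]


def fill_free_space(img: Image) -> bytes:
    """The 'expand until it hits a wall' program: it never hits one, it overwrites the hidden data."""
    for i in range(N_SECTORS):
        if i not in OUTER_SECTORS:
            img.write(OUTER_KEY, i, b"cat picture " * 300)
    return img.read(HIDDEN_KEY, 56)          # garbage now, not HIDDEN_TEXT


def duress_wipe_visible() -> list:
    """A duress path that scrubs one hidden sector leaves no entropy signal but a clear diff."""
    before = build_image()
    after = before.clone()
    scrub = random.Random(1)
    after.buf[56 * SECTOR:57 * SECTOR] = bytearray(scrub.getrandbits(8) for _ in range(SECTOR))
    return changed_sectors(before, after)     # [56]
```

The entropy map gives the same reading for outer data, hidden data and filler, so the scan alone proves nothing; the clone diff, by contrast, pinpoints exactly which sectors a password entry touched, which is what makes the "wipe on duress" idea visible to an examiner who imaged the disk first.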
What if a lawyer-based service were created which automates the representation of a client, including when the client needs access to data on his hard drive? Essentially, develop an algorithm allowing external OTP authentication.
And this lawyer, representing the user, will have in the agreement something like this: "In case my client is under investigation or incriminated or ... I will not be allowed to release the OTP password."
Of course, this service will be based in a country which treats law as law, not as an inconvenience.
What am I missing? Maybe there are no such countries?
In the USA it is not legal (in violation of the 5th amendment) for the court to compel you to reveal a password (if you read the brief, the Judge says as much). However, if the court can prove by other means that you own the data on a drive, they can compel you to provide them with the unencrypted contents of the drive via a search warrant.
They know you stole the car because they've got surveillance video so now they're serving you with a warrant to produce the car so they can also prove physical presence in the vehicle. This is my view of the ruling.
The chick got recorded talking about the documents so they're asking for a readable version.
I imagine they would hold you in contempt until you convince the lawyer to provide you with the password. I'd be very careful about entering into such an arrangement. It's basically a conspiracy to withhold evidence.
Everyone is trying to figure out which encryption technique can bypass the law when it's already too late. The best solution for this type of case is to keep your damn mouth shut and don't talk about the contents of the drive.
"the police had recorded a phone call between Fricosu and her husband in which she seemed to acknowledge ownership of the laptop and to reference incriminating material on it."
Without that recording, the prosecution's case would be a lot weaker. Sure, encrypt your files, but keep your mouth shut about it!
Just out of curiosity, what's the case-law like if she had encoded these documents and stored them on paper?
I certainly don't want to see mandatory decryption, but at the same time it doesn't make sense to let an accused completely skip out on discovery by simply truecrypt-ing the evidence either.
To me, the most convincing argument is, what if you legitimately forget your password?
If that alone gets you thrown in jail, then you're going to be jailing a lot of innocent people. On the other hand, if that does not get you thrown in jail, then one can simply claim to have forgotten the password without repercussion.
Personally, I'd rather let people hide evidence by encrypting it than jail people for being forgetful, since those seem to be the only two choices.
I'm thinking about the case where a person never even knew the key to what they have. The example is a business laptop being carried through customs, that was encrypted by someone else, who will decrypt it upon your arrival (or something similar).
1. If there's no evidence that you know the password, that's possibly a reasonable defense. When the police have a recording of you saying "don't worry, the files are on my encrypted partition", it's less reasonable.
2. I would seriously reconsider the decision to carry unknown contents through customs.
I think for his question to even be made, it was assumed he was being accused of possessing something encrypted.
Let's attach the old guy from France that got into the 3 strike law without even having a computer at the time. Now let's say instead of getting the IP of that old guy from France, the police got the IP of the comment above yours, from, let's say, Mr Buttle. Now they confuse him with Mr Tuttle and assume he has encrypted criminal data, but all they could find on his computer is the file "not_encrypted_i_promise".
He is then thrown in jail because he failed to provide the password. His ineffective defense was that he was "playing" with philosophical questions regarding encryption.
I don't see the problem. People get convicted based on faulty evidence. The sad fact is it happens. [Yes, that is a problem, but...] Why is cryptography special?
The guy has a file that is pure garbage. Not encrypted.
The law officers THINK it's encrypted. The judge orders him to give the key. ...there's no key. It's honestly garbage data.
That's what makes encryption special. If it were a safe, the police could crack it open somehow. With encryption, they can just claim it's too advanced to be cracked and that will be treated like you are lying.
If they believe it's encrypted data containing incriminating evidence, and you refuse to decrypt it, you may be charged with obstruction of justice.
You have no need to prove it isn't actually encrypted data. All you must do is debunk whatever evidence they provide that it is encrypted. The prosecution must present compelling evidence that it isn't random data.
You're creating a dichotomy that doesn't exist. What actually happens is that there is an intent element to crimes associated with destroying evidence. So you might get in trouble for purposefully destroying evidence, or in some cases negligently destroying evidence (e.g. a company that didn't have a proper data-retention policy). You usually can't get in trouble for accidentally destroying evidence. Then, you testify as to your intent, and the jury gets to decide whether you're telling the truth, making inferences from your circumstances. People might believe you forgot the password to some drive you never use, but probably won't believe you forgot the password to the drive holding the bank codes for all the money you embezzled.
And what if the police just think the drive holds the bank codes for all the money I embezzled, but is actually an archive of amusing cat pictures I forgot the password to a year ago?
Seems to me that the only way to reasonably apply "innocent until proven guilty" there is to only convict if they know what the encrypted contents are, and if they can already prove that beyond a reasonable doubt, why do they even need you to decrypt them for them? Conversely, if they don't know the contents, then they may well be innocent, and the password innocently forgotten.
Interesting argument. Or what about different languages: if I write it in German, they can just get a translator. If I write it in a language of my own creation (hat tip to Tolkien here), then can they force me to translate?
Also analogous would be whether defendants can be required to provide the key to a safe, correct?
According to the article, Judge Blackburn's reasoning was that if defendants can be required to produce other documents, the existence of which is known, they can be required to "produce" encrypted documents via decrypting.
BTW, hackers, if you did not see it yet, check out what EncFS offers you. Essentially, it allows you to have multiple passwords on the same repository, and only files decryptable with the currently used password are shown (requires a special option during mounting to ignore the incorrect password warning).
Using that you can have any number of passwords and any number of "partitions" inside your folder. This is not like a hidden partition in TrueCrypt, where you cannot prove it exists at all.
Yes, dead-man switches and whatnot always come up with cases like this - that's not really part of this ruling. This case includes: a) they have record of the defendant stating the information exists on the machine, which she stated she owns, and b) they have (a very good) reason to believe the drive can be decrypted.
All of this strikes me more as a search warrant than anything, in the same way that they can break locked doors if they have a warrant to search a location. That it's a cryptographic lock really has no bearing on the matter - if the documents were printed and put in a locked closet, they could be confiscated and searched. Why is this different?
Any technologies exist that let you have multiple encrypted OS's on multiple keys? For example, 1 key could boot up one OS and another key could boot up a different OS. Seems like it'd be difficult to prove that you booted one or the other...
Plausible deniability is a much larger concept than that. Also if they know you're using Truecrypt, the "deniability" of the existence of a 2nd (or 3rd or 4th) OS goes down significantly.
The deniability doesn't diminish at all. You can even testify in court that the drive is encrypted using TrueCrypt and that TrueCrypt has plausible deniability. The whole point of TrueCrypt's plausible deniability is even when you know about the feature, you simply can't mathematically prove whether or not it's being used.
Not directly, but their FAQ is pretty clear about a bunch of secondary (out-of-band, internet updates duplicated, etc.) correlations that could lead to good evidence that the second system exists. Pulling that off is no easy task.
I'm not so sure. TrueCrypt is first and foremost an encryption program. The fact that you have it might suggest that you encrypted something somewhere, but it doesn't directly suggest that you took the time to use its advanced "hidden volume" capabilities. So even if the police can say "hey, this looks encrypted, and you've got nothing else which looks similar, decrypt it for us," they are still stuck on "hey, we didn't find the evidence we were looking for -- maybe you have a hidden volume?". You say "I don't" and the judge says "GRR ARG DECRYPT IT NOW" and you say "I can't, it doesn't exist, I really am innocent, please get the scary men away from me."
It does indeed. However, what are they going to do? Torture you until you give them the "other" password? How can they distinguish whether you just cleaned your hard drive or if you gave them the wrong key?
The technology for this does exist, but it's pretty annoying to use in practice. You need to use the "decoy" OS regularly -- preferably most of the time. After all, it's implausible that you haven't used your web browser in six months, etc, and your adversary would notice this.
The problem there is that the "hidden" OS is (by definition) undetectable from within the "decoy" OS. Therefore, you risk accidentally overwriting it. Some encryption software has workarounds for this, but that typically leaves you exposed while it's in use.
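As an added illustration of the two points made in the posts above, that "wrong password" and "no hidden volume" are indistinguishable, and that the decoy side can silently overwrite the hidden side, here is a toy container written for this thread. It is example code, not TrueCrypt's code or its real on-disk format: the header layout, the 64 KiB/8 KiB sizes, the `outer`/`hidden` labels and the HMAC-SHA256 counter-mode stand-in for AES-XTS are all assumptions made for the example.

```python
import hashlib
import hmac
import math
import os

# Toy container layout, assumed for this example (not TrueCrypt's real format):
#   header: 16-byte salt + 4-byte outer-data length, in the clear
#           (standing in for the outer filesystem's own "used space" metadata)
#   body:   CONTAINER_SIZE bytes filled with random data; outer ciphertext at the
#           front, hidden volume (32-byte MAC + ciphertext) in the last HIDDEN_SIZE bytes
HEADER = 20
CONTAINER_SIZE = 64 * 1024
HIDDEN_SIZE = 8 * 1024
HIDDEN_OFF = CONTAINER_SIZE - HIDDEN_SIZE


def derive_key(passphrase: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)


def xor_stream(key: bytes, label: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 in counter mode, XORed over data. A toy stand-in for AES-XTS; the
    only property used below is that keyed output looks random without the key."""
    blocks = -(-len(data) // 32)
    ks = b"".join(hmac.new(key, label + i.to_bytes(8, "big"), hashlib.sha256).digest()
                  for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, ks))


def create(outer_pw: str, outer_data: bytes, hidden_pw=None, hidden_data: bytes = b"") -> bytes:
    """Build a container. Free space is random, so a hidden volume (or its absence)
    leaves no statistical fingerprint in the tail."""
    assert len(outer_data) <= CONTAINER_SIZE and len(hidden_data) <= HIDDEN_SIZE - 32
    salt = os.urandom(16)
    body = bytearray(os.urandom(CONTAINER_SIZE))        # random fill, never zeros
    body[:len(outer_data)] = xor_stream(derive_key(outer_pw, salt), b"outer", outer_data)
    if hidden_pw is not None:
        hk = derive_key(hidden_pw, salt)
        ct = xor_stream(hk, b"hidden", hidden_data.ljust(HIDDEN_SIZE - 32, b"\0"))
        body[HIDDEN_OFF:] = hmac.new(hk, ct, hashlib.sha256).digest() + ct
    return bytes(salt + len(outer_data).to_bytes(4, "big") + body)


def mount_outer(container: bytes, outer_pw: str) -> bytes:
    salt, n = container[:16], int.from_bytes(container[16:20], "big")
    return xor_stream(derive_key(outer_pw, salt), b"outer", container[HEADER:HEADER + n])


def mount_hidden(container: bytes, hidden_pw: str):
    """Return the hidden payload, or None. A wrong password and a container with no
    hidden volume fail identically: a MAC mismatch over bytes that look random."""
    hk = derive_key(hidden_pw, container[:16])
    region = container[HEADER + HIDDEN_OFF:]
    tag, ct = region[:32], region[32:]
    if not hmac.compare_digest(tag, hmac.new(hk, ct, hashlib.sha256).digest()):
        return None
    return xor_stream(hk, b"hidden", ct).rstrip(b"\0")


def tail_entropy(container: bytes) -> float:
    """Shannon entropy (bits/byte) of the hidden region, i.e. what an examiner holding
    only the outer password can measure. Random fill and ciphertext both score near 8."""
    region = container[HEADER + HIDDEN_OFF:]
    counts = [0] * 256
    for b in region:
        counts[b] += 1
    n = len(region)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def write_outer(container: bytes, outer_pw: str, data: bytes, hidden_pw=None) -> bytes:
    """Rewrite the outer volume with a larger payload. Without the hidden passphrase the
    outer view cannot know where the hidden volume starts and overwrites it (the risk in
    the post above). Supplying it models TrueCrypt-style 'hidden volume protection',
    which refuses the write instead."""
    assert len(data) <= CONTAINER_SIZE
    if hidden_pw is not None and len(data) > HIDDEN_OFF:
        raise ValueError("write would clobber the hidden volume")
    salt = container[:16]
    body = bytearray(container[HEADER:])
    body[:len(data)] = xor_stream(derive_key(outer_pw, salt), b"outer", data)
    return bytes(salt + len(data).to_bytes(4, "big") + body)


if __name__ == "__main__":
    c = create("outer", b"tax returns", "hidden", b"the real stuff")
    plain = create("outer", b"tax returns")
    print("with hidden:", tail_entropy(c), "without:", tail_entropy(plain))
    print("hidden mount, no volume:", mount_hidden(plain, "hidden"))
    print("hidden mount, wrong pw:", mount_hidden(c, "wrong"))
```

Note that `tail_entropy` gives the same answer whether or not a hidden volume exists; that, not the secrecy of the feature, is what the deniability rests on. The `write_outer` call with no `hidden_pw` is the "you risk accidentally overwriting it" case: the outer mount succeeds, the hidden mount silently turns into a wrong-password failure.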
Whole-disk encryption is great for protecting credit card numbers, embarrassing information, and trade secrets from someone who should happen to steal your laptop. If you actually have anything so secret that you're worried about being coerced into decrypting it, I don't know how to help you.
I can see the legal issues that would be forthcoming if you refused to share the key to allow for access or agree to type it in yourself. Obstruction and all that.
I'm wondering what the legal ramifications might be if you set a secondary key that would wipe the drive in the most secure method possible and then provide that key. Or even the alternate boot sequence as suggested.
Oh, I get that, I'm not saying it's a way to avoid the ramifications, I'm just wondering what they are.
I have to say that I somewhat agree with the ruling because there are similar situations with physical objects, not true one-to-one but they are there. I'm just wondering how the courts would react to the destruction of digital evidence that was not directly initiated by the defendant, but indirectly by preparing for the possibility.
These "wipe the drive" decoy password scenarios would never work in real life unless their forensics team was really inept.
There would be copies made and the drive that has the encrypted volume would likely be accessed with a "Write Blocker" forensic device, or in a virtual environment, etc.
This technique would only tip your hand that the volume contents changed after entering the password.
A technical solution to this might be a form of encryption that requires a writable disk to actually decrypt anything. I don't know if that is possible, but it would effectively prevent these safeguards from working. And remember, you don't need to wipe the entire drive. Changing a few random bits in the decryption key would already forever turn the drive contents into unreadable garbage.
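To make the write-blocker point from the posts above concrete, here is a toy key-slot header with a "duress" passphrase, written as an added example for this thread. It is not LUKS's or TrueCrypt's code or format: the four-slot layout, the 33-byte wrapped payload (master key plus a duress flag), the XOR-and-MAC key wrapping and the `Disk` class with its `write_blocked` flag are all assumptions made for the illustration. It shows that the wipe only ever hits whichever copy the passphrase was typed into, that a write-blocked original refuses the wipe outright, and that a single flipped bit in a slot is enough to make that slot unrecoverable.

```python
import hashlib
import hmac
import os

# Toy key-slot header, assumed for this example (not any real tool's format):
# a random 32-byte master key; each slot stores salt | wrap(master || flag) | MAC,
# where flag = 1 marks a "duress" passphrase whose successful unlock overwrites the header.
NSLOTS = 4
SLOT = 16 + 33 + 32
HEADER = NSLOTS * SLOT


def derive(passphrase: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)


def _pad(kek: bytes) -> bytes:
    # 64 bytes of keystream for the 33-byte wrap (toy stand-in for real key wrapping)
    return hashlib.sha256(kek + b"k0").digest() + hashlib.sha256(kek + b"k1").digest()


def wrap(kek: bytes, plain: bytes) -> bytes:
    ct = bytes(a ^ b for a, b in zip(plain, _pad(kek)))
    return ct + hmac.new(kek, ct, hashlib.sha256).digest()


def unwrap(kek: bytes, blob: bytes):
    ct, tag = blob[:33], blob[33:]
    if not hmac.compare_digest(tag, hmac.new(kek, ct, hashlib.sha256).digest()):
        return None                      # wrong passphrase, damaged slot, or empty slot
    return bytes(a ^ b for a, b in zip(ct, _pad(kek)))


class Disk:
    """A block device image. With write_blocked=True every write raises, which is the
    behaviour of a hardware write blocker sitting in front of the seized drive."""

    def __init__(self, image: bytes, write_blocked: bool = False):
        self.image = bytearray(image)
        self.write_blocked = write_blocked

    def write(self, off: int, data: bytes) -> None:
        if self.write_blocked:
            raise PermissionError("write blocker engaged")
        self.image[off:off + len(data)] = data

    def clone(self) -> "Disk":
        return Disk(bytes(self.image))   # forensic working copy: bit-for-bit, writable


def format_disk(passphrases: dict) -> Disk:
    """passphrases maps passphrase -> is_duress. Unused slots hold random bytes, so a
    filled slot and an empty slot look the same without a passphrase."""
    master = os.urandom(32)
    hdr = bytearray(os.urandom(HEADER))
    for i, (pw, duress) in enumerate(passphrases.items()):
        salt = os.urandom(16)
        hdr[i * SLOT:(i + 1) * SLOT] = salt + wrap(derive(pw, salt), master + bytes([duress]))
    return Disk(bytes(hdr) + os.urandom(4096))   # header, then a (toy) encrypted data area


def unlock(disk: Disk, passphrase: str):
    """Return the master key, or None. A duress slot wipes the header before returning;
    on a write-blocked device that wipe raises instead of succeeding."""
    for i in range(NSLOTS):
        salt = bytes(disk.image[i * SLOT:i * SLOT + 16])
        blob = bytes(disk.image[i * SLOT + 16:(i + 1) * SLOT])
        plain = unwrap(derive(passphrase, salt), blob)
        if plain is None:
            continue
        master, duress = plain[:32], plain[32]
        if duress:
            disk.write(0, os.urandom(HEADER))   # the only write the decoy scheme relies on
            return None
        return master
    return None


def flip_bit(disk: Disk, offset: int) -> None:
    """Damage one bit inside a slot: that slot alone becomes unrecoverable (MAC fails),
    which is the 'a few random bits' observation from the post above."""
    disk.write(offset, bytes([disk.image[offset] ^ 0x01]))


if __name__ == "__main__":
    original = format_disk({"real": False, "decoy": True})
    seized = Disk(bytes(original.image), write_blocked=True)
    try:
        unlock(seized, "decoy")
    except PermissionError as e:
        print("duress wipe on the original:", e)
    work = seized.clone()
    unlock(work, "decoy")
    print("header changed on working copy:", work.image[:HEADER] != seized.image[:HEADER])
    print("fresh copy still opens:", unlock(seized.clone(), "real") is not None)
```

The examiner's workflow is the interesting part: every passphrase attempt goes against `seized.clone()`, so a wipe only costs them one working copy and tells them that the volume rewrote its header after a passphrase was entered, exactly the tip-off described above. The original behind the write blocker never changes, and the next clone opens with the real passphrase as before.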
I foresee Truecrypt-ception. An encrypted OS within an encrypted OS within an encrypted OS. They'll never find my porn/plans to take over the world/illegal software/hacked secret government cables NOW!!!
Classical gibberish passwords are mostly muscle memory. I know I wouldn't be able to remember some of mine of that sort after two weeks.
If you were incarcerated and you knew you might have to comply with an order to decrypt a hard drive, it might be in your best interest to create and shadow type many alternate passwords until you actually forget the important one. Then (hopefully) you're just a polygraph away from a not guilty in an obstruction charge.
Of what I understand of the methodology used by polygraph, forgetting the password wouldn't help you out here. You'd still be intentionally misleading the police, and that would lead to the signs the polygraph attempts to detect.
An important clarification since some people seem to be confusing the issue: the police seized her computer already, presumably legally and with a warrant.
So while this does present an interesting edge case in the fifth amendment (does evidence count as evidence if it's encrypted?), it shouldn't set off civil liberty alarm bells in your head nearly as badly as several other things currently going on in this country.
I disagree. If you can be jailed for refusing to decrypt data on a computer seized under a legitimate warrant, then you can be jailed for not having the password for encrypted-looking data on a computer seized under a legitimate warrant. A warrant does not imply guilt, so this means innocent people may be imprisoned.
Just saying that a question of what a court can compel you to do as part of a trial (before sentencing) is quite different from a fourth amendment issue of illegal search and seizure, which it seems some people are conflating this with.
It looks like they're not trying to decrypt the laptop for the fun of it, but the judge has physical evidence that the laptop contains information relevant to the case. From the article:
But the police had recorded a phone call between Fricosu and her husband in which she seemed to acknowledge ownership of the laptop and to reference incriminating material on it.
I'd like more details about this - without any clarification, this sounds extremely scary.
Presumably the phone call surveillance was under warrant.
It's also worth noting that they would have needed a warrant to seize the computer itself to begin with. The question is whether, having been seized, they can require her to decrypt it for them.
Note to self: never acknowledge ownership of a laptop with incriminating material on it (encrypted or not); especially while on the phone or in the general vicinity of a recording device.
I used to think we didn't want these kinds of cases in front of the supreme court right now - but I am starting to change my mind. They are showing signs of intelligence.
What happens if a friend of a suspect burns some papers that the jury suspects were incriminating evidence?
In this context: what would happen in the case where the crypto software deletes all the data after not logging in for one week? (That would be too short for the trial to happen, I guess.)